CreateRestorePoint:
CloseProcesses:

AV: 金山毒霸铠甲防御 (Enabled - Up to date) {F12FA156-2AD6-E7A5-D9C3-B4D4353324BE}
AS: 金山毒霸铠甲防御 (Enabled - Up to date) {4A4E40B2-0CEC-E82B-E373-8FA64EB46E03}
金山毒霸 (HKLM-x32\...\Kingsoft Internet Security) (Version: 2016.11.3.1 - Kingsoft Internet Security)
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kcddltool.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxetray.exe
(Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kwsprotect64.exe
HKLM-x32\...\Run: [kxesc] => c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe [1807136 2017-01-12] (Kingsoft Corporation)
FF Plugin-x32: @kingsfot.com/npkws -> c:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll [2017-01-12] (Kingsoft Corporation)
R2 kxescore; c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe [326376 2017-01-12] (Kingsoft Corporation)
R0 KAVBootC; C:\WINDOWS\System32\Drivers\KAVBootC64_ev.sys [63136 2017-01-12] (Kingsoft Corporation)
R1 KDHacker; c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64_ev.sys [209048 2017-01-12] (Kingsoft Corporation)
R2 kisknl; C:\WINDOWS\system32\drivers\kisknl.sys [317080 2017-01-12] (Kingsoft Corporation)
R1 kisnetm; c:\program files (x86)\kingsoft\kingsoft antivirus\security\ksnetm\kisnetm64_ev.sys [127128 2017-01-12] (Kingsoft Corporation)
R2 ksapi64; C:\WINDOWS\system32\drivers\ksapi64.sys [79000 2017-01-12] (Kingsoft Corporation)
2017-01-12 11:11 - 2017-01-12 11:11 - 00000000 ____D C:\Users\myrsl\AppData\Local\Kingsoft
2017-01-12 11:11 - 2017-01-12 11:22 - 00000000 ____D C:\Users\myrsl\AppData\Roaming\shoujizhushou
2017-01-12 11:10 - 2017-01-14 15:47 - 00000000 ____D C:\Users\myrsl\AppData\Roaming\Kingsoft
2017-01-12 11:03 - 2017-01-12 11:16 - 00000000 ____D C:\Program Files (x86)\kingsoft
2017-01-12 10:58 - 2017-01-14 22:03 - 00000000 ____D C:\ProgramData\Kingsoft
2017-01-12 11:05 - 2017-01-12 11:05 - 00158368 _____ () c:\program files (x86)\kingsoft\kingsoft antivirus\zlib1.dll
2017-01-12 11:11 - 2017-01-12 11:10 - 00104096 ____N () c:\program files (x86)\kingsoft\kingsoft antivirus\AdbWinApi2.dll
FirewallRules: [{95602BD8-D4A2-4118-AA87-CD3275532C89}] => C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
FirewallRules: [{B221980B-6B70-4E93-B70F-0CDA639069DB}] => C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
FirewallRules: [{1D136C01-0836-4DB9-A05A-1D7A956C8D29}] => C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
FirewallRules: [{930B53EC-CA0D-4CA8-A8A6-79ABFAD209C8}] => C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe

ShellIconOverlayIdentifiers: [QBOverlayIcon] -> {96959DE7-C855-42BD-8382-2AAABF2A8F52} => C:\Users\myrsl\AppData\Local\Tencent\QQBrowser\User Data\QBShellIcon\QBShellIcon332a657.dll -> No File

2017-01-12 10:57 - 2017-01-12 14:24 - 00000314 _____ C:\WINDOWS\Tasks\QQBrowser Updater Task(Core).job
2017-01-12 10:57 - 2017-01-12 14:24 - 00000310 _____ C:\WINDOWS\Tasks\QQBrowser Updater Task.job
2017-01-12 10:57 - 2017-01-14 22:03 - 00000930 _____ C:\Users\myrsl\Desktop\上网导航.lnk
2017-01-12 10:57 - 2017-01-12 10:57 - 00003274 _____ C:\WINDOWS\System32\Tasks\QQBrowser Updater Task
2017-01-12 10:57 - 2017-01-12 10:57 - 00002660 _____ C:\WINDOWS\System32\Tasks\QQBrowser Updater Task(Core)
2017-01-12 10:57 - 2017-01-12 10:57 - 00002294 _____ C:\Users\myrsl\Desktop\QQ浏览器.lnk
2017-01-12 10:55 - 2017-01-12 10:55 - 00002401 _____ C:\Users\Public\Desktop\听歌识曲.lnk
2017-01-12 10:55 - 2017-01-12 10:55 - 00001435 _____ C:\Users\Public\Desktop\QQ音乐.lnk
2017-01-12 10:52 - 2017-01-12 10:53 - 53367176 _____ C:\Users\myrsl\Downloads\QQMusicForYQQ.exe
QQ音乐2016 (HKLM-x32\...\QQMusic) (Version: 12.97.3627.1201 - 腾讯科技（深圳）有限公司)
Task: {D1BBDABD-9850-43DD-B5F7-84181F296135} - System32\Tasks\QQBrowser Updater Task(Core) => C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe <==== ATTENTION
Task: {FADB2587-BF6C-4946-8F83-88F115F5F626} - System32\Tasks\QQBrowser Updater Task => C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\QQBrowser Updater Task(Core).job => C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\QQBrowser Updater Task.job => C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe <==== ATTENTION

FirewallRules: [{E80C5840-57E9-4623-87E7-8DCDFE9BDCE3}] => C:\Program Files (x86)\Tencent\Music\QQMusic1297.10.54.56\QQMusicExternal.exe
FirewallRules: [{9EB2F6CF-5C6F-4E9E-B4FF-FD4A45A1FC2B}] => C:\Program Files (x86)\Tencent\QQMusic\QQMusic1297.10.54.56\moleplugin\tadb.exe
FirewallRules: [{2E348CFA-C1D7-488E-AA28-073B5FF4F7A5}] => C:\Program Files (x86)\Tencent\QQMusic\QQMusic1297.10.54.56\QQMusic.exe
FirewallRules: [{442F7B43-4FAB-4614-8A2B-80D7FA28CE00}] => C:\Program Files (x86)\Common Files\Tencent\QQMusic\QQMusicService.exe
FirewallRules: [{E3F8C513-9F86-4A9B-9324-53939FAB5167}] => C:\Program Files (x86)\Tencent\QQMusic\QQMusic1297.10.54.56\QQMusicUp.exe
FirewallRules: [{5EBC4477-748B-44CC-9189-316C6BC72D6E}] => C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
FirewallRules: [{FCFFE9E0-B231-442C-B5E9-DDDC71428E48}] => C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
FirewallRules: [{9F4D2243-DE82-41B1-94A1-0E14C7E45175}] => C:\Program Files (x86)\Tencent\QQBrowser\BugReport.exe
FirewallRules: [{322D3248-CC13-4127-AF09-C90CF1A63691}] => C:\Program Files (x86)\Tencent\QQBrowser\BugReport.exe
FirewallRules: [{A32A78E9-C26A-43BF-B1B4-D6158566D66C}] => C:\Users\myrsl\AppData\Local\Tencent\QQBrowser\User Data\Liveup\Temp\QQBrowserLiveup.exe
FirewallRules: [{2A7B202F-721D-4E1A-AFA6-3595883C9039}] => C:\Users\myrsl\AppData\Local\Tencent\QQBrowser\User Data\Liveup\Temp\QQBrowserLiveup.exe
FirewallRules: [{9B23418B-9C01-4D98-A811-D341C0C51D5C}] => C:\Program Files (x86)\Tencent\QQBrowser\9.5.9980.400\QQBrowser.exe
FirewallRules: [{C506E9A7-35D7-4597-BB28-92C303FFBFBD}] => C:\Program Files (x86)\Tencent\QQBrowser\9.5.9980.400\QQBrowser.exe

EmptyTemp: